Tag: privacy

Compare and Contrast

Fourth Amendment:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Supreme Court (Katz v. U.S.):

“[S]earches conducted outside the judicial process, without prior approval by judge or magistrate, are per se unreasonable under the Fourth Amendment—subject only to a few specifically established and well delineated exceptions.”

Washington Post:

“The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual’s Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.”

The Information Economy Stops Evolving Today

That would be the message if a bill introduced in Congress this week were to pass. H.R. 5777 is the “Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act” or the “BEST PRACTICES Act.” If acronyms were a basis for judging legislation, it should be widely hailed as a masterwork.

But its substance is concerning, to say the least. The bill’s scope is massive: Just about every person or business that systematically collects information would be subject to a new federal regulatory regime governing information practices. By systematic, I mean: If you get a lot of emails or run a website that collects IP addresses (and they all do), you’re governed by the bill.

There’s one exception to that: The bill specifically exempts the government. What chutzpah our government has to point the finger at us while its sprawling administrative data collection and surveillance infrastructure spiral out of control.

Reviewing the bill, I found it interesting to consider what you get when you take a variety of today’s information “best practices” and put them into law. Basically, you freeze in place how things work today. You radically simplify and channel all kinds of information practices that would otherwise multiply and variegate.

I spoke about this yesterday with CNet News’ Declan McCullagh:

Harper says it reminds him of James C. Scott’s book, “Seeing Like A State.” Governments and big corporations “radically simplify what they oversee to make it governable,” he said. “In things like forestry and agriculture, this has had devastating environmental effects because ecosystems don’t function when you eliminate the thousands of ‘illegible’ relationships and interactions. This is Seeing Like a State for the information economy.”

Give people remedies when they’re harmed by information practices, and then leave well enough alone. There’s no place for a list of “must-do’s” and “can’t-do’s” that choke our nascent information economy—especially not coming from a government that doesn’t practice what it preaches.

Stop ‘n’ Frisk Databases

Via Adam Serwer, New York governor David A. Paterson is expected to sign a bill today doing away with data collection on people the police stop and question, but who have done nothing wrong.

The Transportation Security Adminstration’s “SPOT” program—recently the subject of a scathing Government Accountability Office critique—does similar data collection about innocent people.

From late May 2004 through August 2008, “behavior detection officers” referred 152,000 travelers to secondary inspection at airports. Of those, TSA agents referred 14,000 people to law enforcement, which resulted in approximately 1,100 arrests. None had links to terrorism or any threat to aviation.

The data TSA collects “when observed behaviors exceed certain thresholds”—that is, when a traveler garners TSA suspicion—includes:

  • first, middle, and last names
  • aliases and nicknames
  • home and business addresses and phone numbers
  • employer information
  • identification numbers such as Social Security Number, drivers license number or passport number
  • date and place of birth
  • languages spoken
  • nationality
  • age
  • sex
  • race
  • height and weight
  • eye color
  • hair color, style and length
  • facial hair, scars, tattoos and piercings, clothing (including colors and patterns) and eyewear
  • purpose for travel and contact information
  • photographs of any prohibited items, associated carry-on bags, and boarding documents
  • identifying information for traveling companion.

Busting the Myth that Web Sites ‘Sell Your Data’

On TLF, Berin Szoka comes up just shy of ranting, but it’s a good rant against the myth that Web sites like Facebook sell or give your data to advertisers.

In targeted online advertising, the business model is generally to sell advertisers access to people based on their demographics. It is not to sell individuals’ personal and contact info. Doing the latter would undercut the advertising business model and the profitability of the web sites carrying the advertising.

I did some myth-busting of my own last year when the Wall Street Journal published erroneous information about a health-interest site called RealAge.com, which does not give or sell visitors’ data to drug companies.

Understanding how technologies and business models work is job one for crafting good public policies, but as I noted yesterday

“Privacy” v. Justice: Wiretapping Case Update

Anthony Graber, the Maryland motorcyclist being prosecuted on state felony wiretapping charges for recording his traffic stop and posting the video on YouTube, is the subject of an article in today’s Washington Post. I have said (again and again) that this is a misreading of the Maryland wiretapping statute, which is not supposed provide grounds for prosecution where there is no “reasonable expectation of privacy.”

Graber was on the side of the highway, and the police officer asserting this expansive reading of the wiretap statute while making an arrest at the Preakness was in the middle of a large crowd. There is no reasonable expectation of privacy in either of those places. The Post article provides the other side of the argument:

The attention the Graber case is receiving has surprised Harford prosecutor Joseph I. Cassilly, who said his office has prosecuted similar cases before, including one within the past year against the passenger of a car that was stopped during a drug investigation who started taping officers with a cellphone camera. Cassilly said he didn’t know the status of the case because the prosecutor handling it has been out sick.

“The question is: Is a police officer permitted to have a private conversation as part of their duty in responding to calls, or is everything a police officer does subject to being audio recorded?” Cassilly said.

Cassilly thinks officers should be able to consider their on-duty conversations to be private.

I disagree. The injustice of the Maryland wiretap law was demonstrated earlier this week when Rep. Bob Etheridge assaulted a student who asked him a question while recording the encounter. The students were lucky that they were in the District of Columbia.

If the scuffle had been in Maryland, Etheridge could have been prosecuted for misdemeanor assault (this remains true for D.C., but I am not aware of any charges that have been made). In contrast, the students would have been on the hook for a felony violation of the wiretap law for recording the event, another violation for posting the event on the internet, and an additional charge for possession of the device used to intercept the conversation. I’m not agreeing with that reading of the law, but that’s the interpretation being used to prosecute Anthony Graber.

Whatever your views on privacy are, that’s not justice.

Event Data Recorders: They’re Not Just for Safety

In my recent testimony before the House Commerce Committee on a proposal to require event data recorders in all new cars sold in the United States, I pointed out that the mandate would go far beyond what is needed to ensure safety. Indeed, the cost of EDRs raises the prices of new cars, marginally reducing the pool of used cars and keeping lower income drivers in older used cars which are less safe.

The demand for EDRs in all cars, collecting and transmitting data about all crashes, suggests that something more than statistically relevant safety data is what advocates of this mandate want. I put a finer point on these issues today in answers to questions propounded to me after the hearing.

The proposed EDR mandate includes controls on the use of EDR information, a nominal protection for privacy, but the EDR mandate “sets the stage for migration away from consumer privacy toward serving the goals of government and industry related not only to safety but also to general law enforcement, taxation, and surveillance.”

Privacy as the Default Setting

Before I can write a blog post, I must lift my hands to type.

I say so because the default setting in life is privacy. Staying in bed maintains privacy pretty well.

Clay Shirky gives privacy a contrary treatment on the New York TimesRoom for Debate blog. We are both discussants there of the question whether the government should intervene to solve privacy issues with Facebook.

Shirky, a teacher in the Interactive Telecommunications Program at N.Y.U., writes:

There are two principal effects of the Internet on privacy. The first is to shrink personal expression to a dichotomy: public or private. Prior to the rise of digital social life, much of what we said and did was in a public environment — on the street, in a park, at a party — but was not actually public, in the sense of being widely broadcast or persistently available.

This enormous swath of personal life, as we used to call it, existed on a spectrum between public and private, and the sheer inconvenience of collecting and collating theoretically observable but practically unobserved actions was enough to keep those actions out of the public sphere.

That spectrum has now collapsed — data is either public or private, and the idea of personal utterances being observable but unobserved is becoming as quaint as an ice cream social.

“[I]t is keeping things private that requires effort,” he writes.

I think Shirky has inadvertently overstated the effects of the Internet on privacy. The dynamics he describes are definitely in play, but they exist almost exclusively in digital social life. For the rest of life, it’s still the other way around. Privacy is easy. You can just stay in bed. Pursuing publicity takes effort.

When you go out into the world, making effort to give publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction, yes. That’s physics: photons and sound waves doing what they do. Nobody considers this a privacy problem because of our long experience with it and acculturation to it.

The online environment has similar information demands—when you go online, giving publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction—but it has different properties: information is easier to record. Again, though, the rise of the Internet didn’t change privacy on the street, in parks, and at parties, except in the still rare instance when someone is recording and uploading information.

If we were to conduct all of life online, maybe it would be fair to say that protecting privacy takes effort. But even as a digital denizen, the majority of my experience—certainly the most important and valuable of it—is offline, face-to-face interactions with friends and loved ones or time alone.

Here, privacy is the default. Nobody knows my thoughts unless I tell them. Almost never is anyone capturing the conversation in a digital format. Rarely is anyone uploading images. Facebook isn’t hoovering up the information. Doing these things would take effort that nobody is expending.

The Internet didn’t foreclose the use of real space for the conduct of life as Shirky implies by talking about offline living in the past tense. It expanded our freedom by giving us another space—a new option to use as we see fit. Declining to use that space is as normal, natural, and necessary as eating breakfast (which is impossible to do online, by the way). Maybe some of the digerati conduct their love-lives online, but this should be a disqualification for discussing the social impact of the medium for failure to understand how it fits into most people’s lives.

Privacy debates premised on the omnipresence of digital media are interesting and fun, but I don’t think they’re grounded in people’s actual experience of the world (exception!), and they tend to overstate the significance of online privacy problems.